Ruby on Rails security hole still being exploited by hackers

A security researcher says that, despite a patch having been available for several months, hackers are still exploiting a Ruby on Rails security hole


Hackers are continuing to exploit a vulnerability in the Ruby on Rails (RoR) application framework, despite a patch having been available for several months.

At the beginning of this year when the RoR software weakness was discovered, it was claimed that over 200,000 websites that used the framework were at risk of being hacked.

Following the RoR 'critical vulnerability' in January, it has been claimed that some of the affected sites were recently hit by hackers.

Jeff Jarmoc, a security researcher, posted on his personal blog that he isn't surprised there are still problems with RoR because some administrators may not have installed the update.

"In short, this is a pretty straightforward skiddy exploit of a vulnerability that has been publicly known, and warned about, for months," Jarmoc wrote in his post.

This wave of attacks on servers comes from a remote command that downloads and executes files called cmd1, cmd2, and cmd3.

This allows the bot to change servers and to download and execute additional files when commanded. No authentication is needed, so other attackers can manipulate these compromised sites after the initial break-in.

The total number of servers that were hit this time is unknown.

This vulnerability is easy to fix: according to the maintainers of the Rails framework, updating to version 3.2.11, 3.1.10, 3.0.19, or 2.3.15 addresses the weakness.
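The practical question for an administrator is whether the Rails release actually deployed is at or above the patched release for its branch. The following Ruby script is an added example, not code from the article or from the Rails project; it compares a version string against the four patched releases named above, component by component (plain string comparison would wrongly rank 3.2.9 above 3.2.11), and reads the pinned version from a Gemfile.lock excerpt. The sample lockfile is constructed for the example, and the helper names are my own.

```ruby
# Added example (not from the article): check whether an installed Rails
# version is at or above the patched release for its branch, using the
# fixed versions named by the Rails maintainers: 3.2.11, 3.1.10, 3.0.19, 2.3.15.

# Minimum patched release per branch ("major.minor" => patched version).
PATCHED_RAILS = {
  "3.2" => "3.2.11",
  "3.1" => "3.1.10",
  "3.0" => "3.0.19",
  "2.3" => "2.3.15",
}.freeze

# Split a version string into integer components so comparison is numeric:
# "3.2.9" must sort below "3.2.11", which a string comparison gets wrong.
def version_parts(version)
  version.split(".").map { |part| part.to_i }
end

# Returns :patched, :vulnerable, or :unknown_branch. An unknown branch is one
# the advisory does not list (e.g. an unsupported 2.2.x release); treat it as
# needing an upgrade rather than assuming it is safe.
def rails_patch_status(version)
  parts = version_parts(version)
  branch = parts.first(2).join(".")
  fixed = PATCHED_RAILS[branch]
  return :unknown_branch unless fixed
  (parts <=> version_parts(fixed)) >= 0 ? :patched : :vulnerable
end

# Read the resolved Rails version from Gemfile.lock text, if present.
# Under the "specs:" section Bundler writes lines such as "    rails (3.2.11)".
def rails_version_from_lockfile(lockfile_text)
  match = lockfile_text.match(/^\s+rails \((\d+\.\d+\.\d+)\)/)
  match && match[1]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample lockfile excerpt (not a real project's lockfile).
  sample_lock = <<~LOCK
    GEM
      remote: https://rubygems.org/
      specs:
        rails (3.2.9)
        rake (10.0.3)
  LOCK
  version = rails_version_from_lockfile(sample_lock)
  puts "rails #{version}: #{rails_patch_status(version)}"
end
```

Run it against a real project by passing the contents of its Gemfile.lock to rails_version_from_lockfile; a :vulnerable or :unknown_branch result means the deployment still needs the upgrade the maintainers recommended.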

Jarmoc believes this is just a continued exploit of a weakness that has been known about since January, but it continues to cause headaches for those who haven't taken the time to update.
